package cn.tedu.security.controller;

import org.springframework.security.access.prepost.PostAuthorize;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.userdetails.User;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class HelloController {

    @GetMapping("/hello")
    public String hello(@AuthenticationPrincipal User user) {
        return "hello,   " + user.getUsername();
    }

    @GetMapping("/delete")
    @PreAuthorize("hasAuthority('ADMIN')")
    public String delete(@AuthenticationPrincipal User user) {
        System.out.println("user = " + user);
        System.out.println(user.getAuthorities());
        return "delete ok";
    }

    @GetMapping("/insert")
    @PreAuthorize("hasAuthority('USER')")
    public String insert(@AuthenticationPrincipal User user) {
        System.out.println("user = " + user);
        System.out.println(user.getAuthorities());
        return "insert ok";
    }
    @GetMapping("/delete1")
    @PreAuthorize("hasAuthority('ADMIN')")
    public String delete() {
        return "delete ok";
    }
}
